Good points. It is also worth noting that regulations still need to catch up to cloud realities. Regulators are notoriously slow at allowing for the use of new technology. For now, playing it safe is best for financial companies, since regulators have not indicated if they will treat cloud security breaches and differently than internal security breaches.

The convenience/quicker/cheaper aspect must of course,a s you say, always be balanced against the security aspect, having a third party in possession/control of your data. It is the eternal struggle of Cloud...

Cloud computing is often faster, cheaper, and more convenient than the business attempting to cover all bases on its own, at least in the beginning. However, the reality of having confidential data in unknown hands is that the potential damage could far outweigh the initial cost and labor savings. That's not even going into the problems it would cause for individuals whose data has been compromised.

Businesses that are entrusted with any variety of confidential data must have a system in place that can adequately control and regulate access to information (covered under current compliance regulations). Ideally, the system is difficult to exploit or modify by design, as every action taken on it is logged. If such defensive measures were implemented at every level for a layered approach to security, a company knows that it has the greatest protection possible.